(57) Abstract:

PROBLEM TO BE SOLVED: To provide a communication system capable of utilizing 
the optimum channel corresponding to the quality necessary for an application in a 
communication network having a plurality of channels for performing communication 
from a terminal device connected to a mesh-like network configured by mutually 
connecting a plurality of nodes to an external network. 

SOLUTION: The terminal device connected to the mesh-like network configured by
mutually connecting a plurality of nodes accesses the external network via this
mesh-like network. In this case, if there are many channels from the mesh-like network
to the external network, a node directly connected to the terminal device collates the
communication quality required for transferring the data inputted from this terminal
device with the communication quality of each of the communication channels, and
selects the optimum communication channel for transferring the data.



CLAIMS 



[Claim(s)] 
[Claim 1] 

A communication network system in which a terminal unit linked to a mesh network,
constituted by two or more nodes connecting mutually, accesses an external network
via said mesh network, characterized in that,

when two or more communication paths from said mesh network to an external
network exist, a node which is directly connected to said terminal unit compares the
communication quality required for transmitting data inputted from said terminal unit
with the communication quality of each communication path, and has a
communication-path selecting means which chooses the optimal communication path
for transmitting the data concerned.
[Claim 2] 

In the communication network system according to claim 1,

said communication-path selecting means has:

a tunnel setting-out means to set a tunnel as a communication path between the node
which is directly connected to said terminal unit and a server of said external network;

an application classification quality record means to record beforehand the
communication quality which each application software classification requires;

a quality identification means to supervise the communication quality of each
communication path;

a communication-path quality record means to record quality information acquired by
the surveillance of said quality identification means; and

a course discriminating means which judges which application software classification
currently recorded on said application classification quality record means each data
inputted into said node from one or two or more terminal units corresponds to,
compares the quality information currently recorded on said application classification
quality record means and said communication-path quality record means, and
specifies one or two or more communication paths which secure the quality which
said each data requires,

and said each data is outputted to said specified communication path.
A communication network system characterized by the above.
[Claim 3] 

In the communication network system according to claim 2,

said tunnel setting-out means classifies and sets said tunnel as either a tunnel which
is used only for data communications of a specific application software classification,
or a tunnel which can be used for data communications of arbitrary application
software classification.

A communication network system characterized by the above.
[Claim 4] 

A communication-path selecting arrangement which is a node directly connected to a
terminal unit when said terminal unit, linked to a mesh network constituted by two or
more nodes connecting mutually, accesses an external network via said mesh network,
characterized in that, when two or more communication paths from said mesh network
to an external network exist, the communication quality required for transmitting data
inputted from said terminal unit and the communication quality of each communication
path are compared, and the optimal communication path for transmitting the data
concerned is chosen.



[Claim 5] 

In the communication-path selecting arrangement according to claim 4,

said communication-path selecting means has:

a tunnel setting-out means to set a tunnel as a communication path between the node
which is directly connected to said terminal unit and a server of said external network;

an application classification quality record means to record beforehand the
communication quality which each application software classification requires;

a quality identification means to supervise the communication quality of each
communication path;

a communication-path quality record means to record quality information acquired by
the surveillance of said quality identification means; and

a course discriminating means which judges which application software classification
currently recorded on said application classification quality record means each data
inputted into said node from one or two or more terminal units corresponds to,
compares the quality information currently recorded on said application classification
quality record means and said communication-path quality record means, and
specifies one or two or more communication paths which secure the quality which
said each data requires,

and said each data is outputted to said specified communication path.
A communication-path selecting arrangement characterized by the above.
[Claim 6] 

In the communication-path selecting arrangement according to claim 5,

said tunnel setting-out means classifies and sets said tunnel as either a tunnel which
is used only for data communications of a specific application software classification,
or a tunnel which can be used for data communications of arbitrary application
software classification.

A communication-path selecting arrangement characterized by the above.

[Claim 7] 

An information-and-telecommunications method in which a terminal unit linked to a
mesh network, constituted by two or more nodes connecting mutually, accesses an
external network via said mesh network, the method having:

a step which, when two or more communication paths from said mesh network to an
external network exist, sets a tunnel as said communication path between a node
which is directly connected to said terminal unit and a server of said external network;

a step which records beforehand the communication quality which each application
software classification requires;

a step which supervises the communication quality of the tunnel set as said
communication path;

a step which records the quality information of said tunnel obtained by the surveillance;

a step which judges which application software classification currently recorded on
said application classification quality record means each data inputted into said node
from said terminal unit corresponds to, compares the communication quality which
said application classification requires with the communication quality of said tunnel,
and specifies one or two or more communication paths which secure the
communication quality which said data requires; and

a step which outputs said data to said specified communication path.
An information-and-telecommunications method characterized by the above.
[Claim 8] 

In the information-and-telecommunications method according to claim 7,
in the step which sets up said tunnel, said tunnel is classified and set as either a
tunnel which is used only for data communications of a specific application software
classification, or a tunnel which can be used for data communications of arbitrary
application software classification.

An information-and-telecommunications method characterized by the above.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 

[Field of the Invention] 

[0001] 

This invention relates to a communication network system, a communication-path
selecting arrangement, and an information-and-telecommunications method for
accessing a server on an external network from a terminal unit which joins a
network comprising nodes connected in mesh shape, for example, and performing
information and telecommunications.
[Background of the Invention] 
[0002] 

One of the radio technologies of recent years is the ad hoc network. An ad hoc
network takes the form (multi-hop communication) of connecting many terminals
mutually without the intervention of an access point, forms a network in mesh shape
using radio technology, and enables use of two or more courses. For this reason, a
base station and an access point become unnecessary and a network can be built
cheaply at a place without such an infrastructure, so an ad hoc network is effective
as a simple means of constructing a network within a certain limited area.
[0003] 

However, technical problems remain for an ad hoc network: because each node carries
out wireless connection autonomously to constitute the network, the communication
rate changes every moment, unlike a wired network, and it is difficult to secure
steady quality of a communication path.
[0004] 



As one of the measures, starting of application software (hereafter called
application) is controlled according to the communication rate of the data within a
network, so that the application always operates in a good operating state.
For example, the data-communications rate between the client terminal within a
network and a host terminal is measured, and when the communication rate is judged,
based on the measurement history, to be less than the communication rate at which
the predetermined application of a client terminal operates normally, there is art
which restricts starting of the predetermined application of the client terminal (for
example, refer to patent documents 1).
[Patent documents 1] JP2003-122672A 
[Description of the Invention] 
[Problem(s) to be Solved by the Invention] 
[0005] 

However, the thing described in patent documents 1 measures the communication rate
of the communication line between the target terminals in a network and,
corresponding to the communication rate obtained, controls so that only the
application which can be started and operated normally in a client terminal can
start. When the communication rate which the application requires was not
obtained, there was the inconvenience that the target application could not be started.
[0006] 

In an ad hoc network, only the optimal path for each node is calculated, and
communication uses that course. However, under the actual condition of using general
TCP/IP (Transmission Control Protocol/Internet Protocol), even if two or more nodes
which access the outside of the ad hoc network exist, one session of application
software etc. can use only one course, and since the same session could not be
distributed, there was the inconvenience that the advantage which two or more
courses have could not be employed efficiently.
[0007] 

In view of this point, this invention aims at proposing a communication method
which, in a communication network with two or more courses for performing
communication with an external network from the terminal unit linked to a mesh
network constituted by two or more nodes connecting mutually, can use the optimal
course corresponding to the quality which the application needs.
[Means for Solving the Problem] 
[0008] 

In order to solve the aforementioned problem and to attain the purpose, in this
invention, when a terminal unit linked to a mesh network constituted by two or more
nodes connecting mutually accesses an external network via this mesh network, and
two or more communication paths from the mesh network to the external network
exist, a node which is directly connected to the terminal unit compares the
communication quality required for transmitting data inputted from this terminal unit
with the communication quality of each communication path, and chooses the optimal
communication path for transmitting the data concerned. More specifically, it has a
tunnel setting-out means to set a tunnel as a communication path between the node
which is directly connected to the terminal unit and a server of the external network,
an application classification quality record means to record beforehand the
communication quality which each application software classification requires, a
quality identification means to supervise the communication quality of each
communication path, a communication-path quality record means to record quality
information acquired by the surveillance of this quality identification means, and a
course discriminating means which judges which application software classification
currently recorded on said application classification quality record means each data
inputted into this node from one or two or more terminal units corresponds to,
compares the quality information currently recorded on this application classification
quality record means and this communication-path quality record means, and
specifies one or two or more communication paths which secure the quality which
each data requires; each data is outputted to this specified communication path.
[0009] 

According to this invention, when two or more communication paths from a mesh
network to an external network exist, a node which is directly connected to a
terminal unit compares the communication quality required for transmitting data
inputted from the terminal unit with the communication quality acquired by
supervising each communication path. A communication path with the quality needed
for transmitting the target data is thereby chosen, and the optimal course is used.
[0010] 

In this invention, the above-mentioned tunnel setting-out means classifies and sets a
tunnel as either a tunnel which is used only for data communications of a specific
application software classification, or a tunnel which can be used for data
communications of arbitrary application software classification.
[0011] 

In this invention, when setting up a tunnel, the tunnel is classified as either a
fixed-use tunnel used for a certain specific application software, or a general-use
tunnel which can be used for arbitrary application software. Only by specifying the
application software classification of inputted data, a tunnel (communication path)
can be appropriately assigned according to the quality which the application software
classification requires.
[Effect of the Invention] 
[0012] 

According to this invention, information about communication quality, such as the
band, time delay, and packet loss rate of each course (tunnel) set up in order to
perform communication to an external network from a network of mesh shape, for
example an ad hoc network, is acquired. Streaming, data of download, voice data,
video data, text data, etc. which are inputted from a terminal unit can thereby each
be sent over the suitable course for each communication, and effective use of the
band of each course is attained. Therefore, steady communication quality at the time
of accessing an external network from a mesh network is securable.
[0013] 

By classifying and setting a tunnel as either one for specific application software or
a general one which can be used for arbitrary application software, a tunnel
(communication path) can be appropriately assigned according to the quality which
the application software classification requires only by specifying the application
software classification of the inputted data, and the band of each course can be used
more efficiently.
[Best Mode of Carrying Out the Invention] 
[0014] 

Hereafter, an example of one embodiment of this invention is explained with
reference to drawing 1 - drawing 12.

This example is applied to the case where an external network such as the Internet
is accessed from a terminal unit which has joined an independent distributed network
that realizes communication by combining, ad hoc, nodes provided with a gateway
function. The ad hoc communication network of this example itself constitutes a
so-called network of approximately mesh shape (mesh) using the existing art, such as
MANET (Mobile Ad-hoc Networks).
[0015] 

The general drawing of the communication network system of this example is shown
in drawing 1.

1 is a terminal unit connectable with the ad hoc network which comprises the nodes
2-7 provided with the gateway function. The nodes 2-7 interconnect with two or more
nodes which exist in their surroundings, and in this example the network (hereafter
called NW) 10 is formed by IP (Internet Protocol). 8 is a server which is provided on
the external network (hereafter called the external NW) 20, such as the Internet, and
receives needed information from the node 6 or 7, and data on the ad hoc network.
This server 8 functions also as a tunnel server which forms the tunnel mentioned
later with a node in NW10. 9 is a terminal unit connected with the server 8 so that
communication is possible. In this example, the nodes 6 and 7 linked to an access
line are access nodes, and the others are general nodes.
[0016] 

The software module composition of the node which forms the mesh network of this
example is shown in drawing 2.

As shown in the figure, it is constituted by the MANET module 30, the tunnel
setting-out module 31, the node authentication module 32, the quality identification
module 33, an application database (hereafter called the application DB) 34, a tunnel
information database (hereafter called the tunnel DB) 35, the routing table 36, the
packet input module 37, the packet judging module 38, and the packet output module
39, and is stored in ROM (Read Only Memory) which is not illustrated.
[0017] 

The tunnel setting-out module 31 and the node authentication module 32 function as
a tunnel setting-out means, and transmit and receive burrow information, a tunnel
setting request, node attestation, etc. which are needed when performing tunnel
setting out. The quality identification module 33 functions as a quality identification
means. For example, the quality identification module 33 in a general node which is
directly connected to a terminal unit, like the node 2, receives tunnel setup
information from the tunnel setting-out module 31, periodically supervises the
communication quality of the tunnel for which connection was actually set up,
registers the quality information into tunnel DB35, and performs comparison with the
communication quality which the application classification registered into application
DB34 mentioned later requires, etc.
[0018] 

Application DB34 functions as an application classification quality record means to
record the communication quality which each application software (hereafter called
application) classification requires. It is a database which arranges and stores, for
every application, the quality which the data passing through a node requires; for
example, as shown in below-mentioned drawing 11, information including application
classification, DSCP (DiffServ Code Point), a time delay, a packet loss rate, a
transmission band, the number of sessions, etc. is registered. Assuming, for example,
a case where two or more terminal units are connected to the node 2 of drawing 1 and
communicate, this number of sessions expresses the number of sessions of the same
application classification which the node 2 can control simultaneously.
[0019] 

Tunnel DB35 functions as a communication-path quality record means, and stores the
quality information acquired by regularly supervising the set-up tunnel with the
quality identification module 33; for example, as shown in below-mentioned drawing
12, information including the ID of the access node on the course, an IP address, a
time delay, a packet loss rate, a quota band, the measuring time of communication
quality, etc. is stored.
[0020] 

In this example, the routing table 36 holds, as general routing, the path table in the
ad hoc network and the path table of the set-up tunnels.

[0021] 

The MANET module 30 builds a network independently with adjoining nodes, and
performs communication by, for example, a MANET routing protocol, of which various
ones are proposed by the working group (WG) of IETF (Internet Engineering Task
Force), based on the path table of the above-mentioned routing table 36.



[0022] 

The packet input module 37 processes the packet inputted from LAN (Local Area
Network), WAN (Wide Area Network), etc. on the general node side. The same applies
to an access node. The packet input module 37 supplies the packet received from
the outside to the packet judging module 38.
[0023] 

The packet judging module 38 functions as a course discriminating means: it compares
application DB34 and tunnel DB35, specifies through which tunnel (communication
path) the packet, whose information was extracted by the packet input module 37, is
transmitted to the external network, and passes it to the packet output module 39.
The packet output module 39 outputs the packet to the course specified by the
packet judging module 38.
[0024] 

Among these modules of each node, the node authentication module 32, the tunnel
setting-out module 31, the quality identification module 33, and the MANET module 30
constitute a control section, and the packet input module 37, the packet judging
module 38, and the packet output module 39 constitute a packet treating part. The
control section and the packet treating part perform suitable communications control
of a packet according to the information stored in the application database 34, the
tunnel information database 35, and the routing table 36.
[0025] 

The main functions in the general node of each node constituted as above are as
follows.

1. Build an ad hoc network independently using the existing art.
2. Receive broadcasting from an access node and set up a tunnel based on the
information.
3. Perform the connection request by tunneling to an access node.
4. Supervise the quality of the connected tunnel periodically.
5. Hold the DB in which the quality which the application inputted and outputted
requires is stored.
6. Hold the DB in which the quality of the tunnel currently supervised is stored.
7. Hold the channel information of an ad hoc network and a tunnel.
8. Process the packet inputted from LAN, WAN, etc. and from other nodes.
9. Determine the destination of a packet based on the information on the packet
extracted with the packet input module.
10. Output a packet to the course specified by the packet judging module.
[0026] 

The main functions in an access node are as follows. 

1. Build an ad hoc network independently using the existing art.
2. Advertise the information on the access line to which it is itself connected, and
the communication band permitted to each node, within the ad hoc network with
techniques such as broadcasting.
3. Authenticate the connection request from a general node.
4. Hold the channel information of an ad hoc network and a tunnel.
5. Process the packet inputted from LAN, WAN, etc. and from other nodes.
6. Determine the destination of a packet based on the information on the packet
extracted with the packet input module.
7. Output a packet to the course specified by the packet judging module.
[0027] 

With reference to drawing 3, the signal transmission performed between the access
node in a network and a general node is explained.

First, an access node periodically broadcasts (distributes), from the tunnel
setting-out module 31a, the default route (default communication path) information
as burrow information to unspecified general nodes. A general node receives the
default route information by the tunnel setting-out module 31a, and performs the
connection (tunnel setting out) demand by tunneling to an access node based on the
information.
[0028] 

In response to the tunnel setting request from a general node, in the access node the
tunnel setting-out module 31b outputs a node authentication request signal to the
node authentication module 32b. The node authentication module 32b reports to the
general node which requested tunnel setting out that node attestation is carried out.
The tunnel setting-out module 32a which received the node authentication
notification responds to the node attestation to the access node if, for example, no
problems are seen such as the band of the tunnel being clearly narrow or the packet
loss rate being large.
[0029] 

An access node receives the response of the node attestation from a general node
with the node authentication module 32b, supplies a tunnel setting-out enabling signal
to the tunnel setting-out module 31b, and transmits tunnel setup information to a
general node from the tunnel setting-out module 31b.
[0030] 

In the general node, the tunnel setting-out module 31a receives the tunnel setup
information and registers it with the routing table 36 shown in drawing 2, while the
quality identification module 33a regularly performs performance monitoring of the
tunnel based on this tunnel setup information, and registers the quality of that
tunnel into tunnel DB35a as tunnel information. As mentioned later, the quality
identification module 33a judges the compatibility between the registered tunnel
information and the quality which the application classification requires, with
reference to the application information registered into application DB34a, and QoS
(Quality of Service) is realized.
[0031] 

Next, tunnel setting out of the communication network system of this example is
explained with reference to the explanatory views of drawing 4 - drawing 6 and the
flow charts of drawing 7 and drawing 8.

First, each node builds the ad hoc network (NW) 10 independently using the existing
art. For specific applications, each node holds as a database, as shown in drawing 2,
information on the layer 3 header in the open systems interconnection reference
model, such as an IP/ICMP (Internet Control Message Protocol) header, information on
the layer 4 header, such as a TCP (Transmission Control Protocol) / UDP (User
Datagram Protocol) header, and information including the delay, band, packet loss
rate, etc. which the application requires.
[0032] 

The explanatory view of the default route information distribution at the time of
performing tunnel setting out is shown in drawing 4. The access nodes 6 and 7 linked
to external NW20 broadcast (distribute) to adjoining nodes, as burrow information,
the default route (default communication path) information indicating that they are
connected to the outside of NW10 (Step S1).
[0033] 

In this example, the node 2 receives the burrow information on the course which
passes along the nodes 6 and 3, and the course which passes along the nodes 7 and 4,
as shown in drawing 4. The default communication data used as the basis of this
burrow information may be broadcast regularly on NW10, or may be received when the
terminal unit 1 connects with NW10, and it may be exchanged in the usual IP layer or
in the application layer; any of these may be used.
[0034] 

Drawing 5 is an explanatory view of ad hoc network inner tunnel setting out of this
example. The node 2 requests tunnel setting out to the access nodes 6 and 7
according to the received default communication data (Step S2). The existing art is
used for setting out of a tunnel. For example, in order to prevent tapping etc. within
NW10, use of the tunnel mode of IPsec (Security Architecture for Internet Protocol)
is preferred over IP-in-IP (RFC 1853) or GRE (RFC 1701).
[0035] 

The access nodes 6 and 7 judge whether to authenticate the requesting node 2 (Step
S3). If the node is judged unsuitable as a connection object and attestation is
refused, it is determined whether attestation has failed the predetermined specified
number of times (Step S4); if it has not, processing returns to Step S2 and the
tunnel request is repeated. When attestation has failed the specified number of
times, tunnel setting processing is ended. When the access nodes 6 and 7 judge that
the node 2 is suitable as a connection object and attestation passes, they transmit
the information on a tunnel to the node 2 (Step S5).
[0036] 

The node 2 judges whether the tunnel information received from the access nodes 6
and 7 is effective for the node 2 (Step S6), and when it is not effective, it ends
tunnel setting processing. When it is judged that it is effective, the node 2 sets up
tunnels between the node 2 and the node 6, and between the node 2 and the node 7,
respectively, based on the received tunnel information (Step S7).
[0037] 

Drawing 6 is an explanatory view of mesh network outer tunnel setting out of this
example. The tunnels 11 and 12 stretched between the node 2, which is connected
with the terminal unit 1, and the access nodes 6 and 7 are used, and tunnels are
further set up to the server 8 on the external network 20. The node 2 requests tunnel
connection towards the server 8 outside NW10 through each of the tunnels 11 and 12
which were set up as default communication paths. At this time, attestation by the
server 8 is performed. The apparatus ID of the applicable node and its IP address in
NW10 are transmitted for identification of the node, and are used for attestation.
[0038] 

In addition to the usual authenticating processing, the tunnel server 8 performs the
following registration. Part two or more **** of a communication path are registering
them, and the IP address used for the node 2 identifies the communication from two
or more tunnels as one flow. The tunnel server 8 removes the header of the packet
which arrives from the two or more tunnels stretched to the node 2, and returns it to
one flow based on the above-mentioned IP address.
[0039] 

At the time of the tunnel setting request from the node 2, if the server 8 judges
that the node is unsuitable as a connection object, it refuses attestation. If the node
is satisfactory as a connection object, the server 8 judges that it is suitable and
replies to the node 2 permitting attestation, and a tunnel is set up between the node
2 and the server 8 using the tunnel 11. Similarly, a tunnel between the node 2 and the
server 8 is set up using the tunnel 12 set up in NW10. The set-up tunnel information
is registered into the tunnel DB. In the example of drawing 6, two tunnels
(communication paths) by which the server 8 of external NW20 is accessible from the
terminal unit 1 of NW10 exist.
[0040] 

Next, the steady tunnel surveillance phase, which performs performance monitoring of
the set-up tunnel, is explained.

First, when a tunnel is set up, the node 2 additionally registers the information on
the newly set-up tunnel in the tunnel DB (Step S8). The tunnel addition flow at this
time is explained with reference to the flow chart of drawing 8.
[0041] 

The node 2 judges whether an application which requires special transfer rules, such
as streaming data, for example, exists in the application DB. The node compares the
application DB with the tunnel DB, and checks whether a tunnel which can secure
the communication quality which an individual application classification requires
exists (Step S21). When special transfer rules do not exist, the new tunnel is added
to the common tunnels (Step S22). Here, a common tunnel is a tunnel which is not
limited to communication of a specific application use and which is used for the
other purposes. A tunnel for special use refers to a tunnel used only for a specific
application use.
[0042] 

Next, when an application which requires special transfer rules exists in the
application DB, it is judged whether the optimal tunnel for these special transfer
rules exists (Step S23); when it does not exist among the tunnels registered into the
tunnel DB, including the newly set-up tunnel, the new tunnel is additionally
registered as a common tunnel (Step S24).
[0043] 

When the processing of Step S23 finds that the optimal tunnel for the special transfer rules exists and there is only one, it is first judged whether that one tunnel is the new tunnel (Step S25). When it is the new tunnel, the new tunnel is set as the tunnel for special (for individual) use, limited chiefly to communication of the application of the special transfer rules, and is registered in the tunnel DB (Step S26). When it is not the new tunnel, the applicable tunnel is set as the tunnel for special, and the new tunnel is registered as a common tunnel (Step S27).
[0044] 

When the processing of Step S23 finds that optimal tunnels for the special transfer rules exist in the tunnel DB and there are two or more, it is first judged whether the new tunnel is included in those two or more tunnels (Step S28). When the new tunnel is included, the tunnel group including the new tunnel is set as the tunnels for special, limited chiefly to communication of the application of the special transfer rules, and is registered (Step S29). When the new tunnel is not included, the applicable tunnel group is set as the tunnels for special, and the new tunnel is registered as a common tunnel (Step S30).
[0045] 

Thus, by assigning tunnels beforehand to general and special use and registering them in a database, a suitable tunnel (communication path) can be chosen immediately according to the quality required by the application of the data inputted into the node from a terminal unit.
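The tunnel addition flow of Steps S21 to S30, written out as an added example (not code from the patent). It assumes that "optimal" means meeting a delay and packet-loss threshold, handles one special-rule application per call, and adds a guard, taken from the later remark that at least one tunnel for general use should remain, that keeps the new tunnel common when promotion would leave none; all class, field and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Tunnel:
    tunnel_id: str
    delay_ms: float
    loss_rate: float
    role: str = "common"          # "common" (general use) or "special"
    app: Optional[str] = None     # application class a special tunnel serves


@dataclass
class SpecialRule:
    """Assumed shape of an application DB entry with special transfer rules."""
    app: str
    max_delay_ms: float
    max_loss_rate: float


def meets(t: Tunnel, rule: SpecialRule) -> bool:
    # Assumption: a tunnel is "optimal" when it satisfies both thresholds.
    return t.delay_ms <= rule.max_delay_ms and t.loss_rate <= rule.max_loss_rate


def add_tunnel(db: Dict[str, Tunnel], rule: Optional[SpecialRule], new: Tunnel) -> str:
    """Register a new tunnel (Step S8) and return the step that classified it."""
    new.role, new.app = "common", None
    db[new.tunnel_id] = new
    if rule is None:                      # S21: no special transfer rules
        return "S22"                      # new tunnel becomes a common tunnel
    # S23: search the whole DB, new tunnel included, skipping tunnels that
    # are already dedicated to a different application.
    candidates = [t for t in db.values()
                  if t.app in (None, rule.app) and meets(t, rule)]
    if not candidates:
        return "S24"                      # nothing fits: new tunnel stays common
    cand_ids = {t.tunnel_id for t in candidates}
    # Guard (assumption): never promote if no common tunnel would be left.
    if not any(t.role == "common" and t.tunnel_id not in cand_ids
               for t in db.values()):
        return "kept-common"
    for t in candidates:
        t.role, t.app = "special", rule.app
    includes_new = new.tunnel_id in cand_ids
    if len(candidates) == 1:              # S25
        return "S26" if includes_new else "S27"
    return "S29" if includes_new else "S30"   # S28


def demo() -> List[str]:
    """Constructed sample: three tunnels arriving one after another."""
    voip = SpecialRule("VoIP", max_delay_ms=50.0, max_loss_rate=0.01)
    db: Dict[str, Tunnel] = {}
    steps = [
        add_tunnel(db, None, Tunnel("t11", 20.0, 0.001)),
        add_tunnel(db, voip, Tunnel("t12", 200.0, 0.05)),
        add_tunnel(db, voip, Tunnel("t13", 30.0, 0.002)),
    ]
    return steps + [f"{t.tunnel_id}:{t.role}" for t in db.values()]


if __name__ == "__main__":
    print(demo())
```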
[0046] 

The quality identification module of the node 2 then periodically transmits, for example at intervals of 1 second, a beacon for a life-and-death check and a quality information demand over the tunnel stretched to the server 8 (Step S9), collects the quality information, such as a time delay and a packet loss rate, which is answered from the tunnel communication quality response module (not shown) of the server 8, and records it in the tunnel DB. At this time it judges whether there is any reaction from the tunnel to the transmission of a beacon (Step S10). When there is a reaction and the response to the quality information demand has returned, the replied tunnel quality information is reflected in the database, the shelf-life set up based on the measuring times of drawing 12 is updated (Step S11), processing shifts to Step S8, and steady tunnel surveillance is continued.
[0047] 

When there is no reaction from a tunnel within the shelf-life, the information on the tunnel is deleted from the tunnel DB and the tunnel is cut (Step S12). For example, when there is no response after a beacon has been transmitted a prescribed number of times, the communication path is judged to be down, and the tunnel is deleted from the tunnel DB and cut. Alternatively, when the quality of a tunnel falls below a fixed standard, it may not be handled under life-and-death surveillance, or the tunnel may be cut. The quality information of these tunnels is held in a database.
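The surveillance loop of Steps S9 to S12 as an added example (not code from the patent): a beacon reply refreshes the tunnel's quality record and shelf-life, while silence past the shelf-life or a prescribed number of missed beacons removes the tunnel from the tunnel DB. The fixed shelf-life in seconds, the miss limit, the loss-rate cut-off and all names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class TunnelRecord:
    tunnel_id: str
    delay_ms: float = 0.0
    loss_rate: float = 0.0
    expires_at: float = 0.0   # end of the current shelf-life
    missed: int = 0           # consecutive beacons without a reply


class TunnelMonitor:
    def __init__(self, shelf_life_s: float = 5.0, max_missed: int = 3,
                 max_loss_rate: float = 0.2) -> None:
        self.shelf_life_s = shelf_life_s
        self.max_missed = max_missed
        self.max_loss_rate = max_loss_rate
        self.db: Dict[str, TunnelRecord] = {}   # the tunnel DB

    def register(self, tunnel_id: str, now: float) -> None:
        """Step S8: add a newly set-up tunnel with a fresh shelf-life."""
        self.db[tunnel_id] = TunnelRecord(
            tunnel_id, expires_at=now + self.shelf_life_s)

    def on_beacon(self, tunnel_id: str, now: float,
                  reply: Optional[Tuple[float, float]]) -> str:
        """Process the outcome of one beacon (Step S9).

        reply is (delay_ms, loss_rate) from the server, or None on silence.
        """
        rec = self.db.get(tunnel_id)
        if rec is None:
            return "unknown"                  # already deleted or never set up
        if reply is not None:                 # S10: the tunnel reacted
            rec.delay_ms, rec.loss_rate = reply
            rec.missed = 0
            rec.expires_at = now + self.shelf_life_s   # S11: renew shelf-life
            if rec.loss_rate > self.max_loss_rate:
                del self.db[tunnel_id]        # quality below the fixed standard
                return "cut-quality"
            return "updated"
        rec.missed += 1
        if rec.missed >= self.max_missed or now >= rec.expires_at:
            del self.db[tunnel_id]            # S12: judged down, delete and cut
            return "cut-down"
        return "missed"


def run_timeline() -> List[str]:
    """Constructed sample: one beacon per second over two tunnels."""
    mon = TunnelMonitor(shelf_life_s=5.0, max_missed=3, max_loss_rate=0.2)
    mon.register("t11", now=0.0)
    mon.register("t12", now=0.0)
    events = [
        (1.0, "t11", (20.0, 0.001)),
        (2.0, "t11", None),
        (3.0, "t11", None),
        (4.0, "t11", None),
        (5.0, "t11", (20.0, 0.001)),   # reply for a tunnel already removed
        (5.0, "t12", (40.0, 0.5)),     # alive, but loss rate too high
    ]
    return [mon.on_beacon(tid, now, reply) for now, tid, reply in events]


if __name__ == "__main__":
    print(run_timeline())
```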
[0048] 

In the series of tunnel addition flows of Step S8, a method of first registering every newly set-up tunnel as a tunnel for general use can also be considered. That is, a general node registers the tunnel set up first as a tunnel for generic applications, and transmits all applications using the tunnel for general until a tunnel peculiar to an application is set up. Thereafter, when a new tunnel is set up, the tunnel is first added and registered as a common tunnel, and its use is changed at any time in the process of steady tunnel surveillance, according to the communication quality of the tunnel, which changes from moment to moment.
[0049] 

A node compares the application DB with the tunnel DB, and checks periodically whether a tunnel which can secure the communication quality that each individual application classification requires exists. When quality cannot be secured with one tunnel, the application is transmitted using the tunnel for general until it can be secured. Tunnels for individual use can be added until only one tunnel for general remains. By leaving at least one tunnel for general, all applications can be handled, and the situation where no tunnel corresponds to an application classification and communication is impossible is avoided.
[0050] 

Drawing 9 shows an example in which the terminal unit 1, which the communication network system of this example connects to NW10, communicates with the terminal unit 9 of the external network 20; it can be implemented in the following packet formats.
[0051] 

Although this example is an application form of IPsec (tunnel mode) + NAT (Network Address Translation) traversal, the server 8 achieves the following functions at this time.

- It looks at the apparatus ID and converts it into a suitable IP address.

- It buffers packets in a suitable time queue (queue), and sends them out in order of the TCP sequence number as far as possible.

- In the case of UDP, it sends them out as they are.
[0052] 

Assigning, for example, an IP address to each apparatus, the node 2, which is an IP address "IP-z" and apparatus ID "E~ID" and a communication-path selecting arrangement, makes the terminal unit 1 an IP address "IP-Z" by NAT. The nodes 6 and 7 linked to an access circuit are referred to as the IP addresses "IP-A" and "IP-B" by NAT, and as the IP address "IP-1" from external NW20 according to NAPT (Network Address Port Translation) and "IP-2" from the NW10 side, respectively. The server 8 in turn makes the IP address "IP-3" by NAPT, and the terminal unit 9 an IP address "IP-4".
[0053] 

When two or more tunnels are stretched from the node 2 to the server 8, two or more IP addresses are assigned, and the node 2 itself transmits the data sent from the terminal unit 1 to an available tunnel in units of one packet by a method such as round-robin. At this time, the packet information of the communication from the terminal unit 1 to the node 2 is "DATA" and "a TCP header (z->4)." When the node 2 distributes the data to the two communication paths of the tunnels 11 and 12 and transmits it, the packet information of the communication from the node 2 to the node 6 and the node 7 becomes "DATA", an "IP header", an "IPsec header", and a "tunnel IP header"; that is, the "IPsec header" and the "tunnel IP header" for transmission inside the tunnel, which shows the IP address information of the nodes at both ends of the tunnels 11 and 12, are added.
[0054] 

When a packet is transmitted from the node 6 to the server 8 in the external NW20, the information used for transmission on NW10 through the tunnels 11 and 12 disappears from the communication packet information, and a "UDP header" is added, since UDP is used here as the protocol of communication between NW10 and NW20. The server 8 judges, based on the apparatus ID and the TCP header, that the packets transmitted from the nodes 6 and 7 come from the same node 2, and reconstructs the information distributed in packet units. Since communication in this example is by UDP, the reconstruction takes the round-trip time into consideration. By transmitting the packets reconstructed into one communication, as the information "DATA" and "a TCP header (3->4)", to the terminal unit 9, the terminal unit 9 can receive the data from the terminal unit 1 via the server 8.
[0055] 

When two or more tunnels are stretched between the node 2 and the single server 8, the server recognizes from the apparatus ID of the applicable node 2, or from its IP address in NW10, that the tunnels come from the same node 2, and the packets from the same node transmitted via two or more tunnels are reconstructed into one communication. For example, in the case of TCP the sequence number is used, and in the case of UDP the difference of round-trip time (RTT: Round Trip Time) is used, to reconstruct the packets in the right order, and the result is transmitted to the exterior.
[0056] 

With the above structure implemented, the terminal unit connected to the node 2 can use two or more routes to adjoining nodes. Since one session can be distributed over two or more bands, the burden placed on each communication path can be eased, and the maximum transmission speed can be improved substantially. Two or more sessions can also be communicated simultaneously.

[0057] 

Selection of a communication path when data is inputted from a terminal unit in the communication network system of this example is explained with reference to drawing 12. Compared with drawing 1 and drawing 6 - drawing 8, drawing 12 differs in that the access nodes 6 and 7 on the ad hoc network connect via the external networks 21 and 23, respectively, with a server (not illustrated) on the network 22, setting up the tunnels 24 and 25, respectively, and in that communication with the terminal unit 9 is attempted; the rest of the composition is the same.
[0058] 

Seen from the terminal unit 1 or 9, data appears to be communicated directly between the node 2 and the server (not illustrated) on the network 22 via the tunnels 11 and 24 or the tunnels 12 and 25. Actually, the data communications between the terminal unit 1 and the terminal unit 9 are performed via the thick line parts, respectively.
[0059] 

When data (a packet) has been inputted from the terminal unit 1, the node 2, which is directly connected to the terminal unit 1, judges what application the packet belongs to with reference to the layer 3 header, such as an IP/ICMP header, the layer 4 header, such as a TCP/UDP header, and the layer L5 - L7 headers, such as an application header.
[0060] 

When the destination of a packet is inside the ad hoc network, there is little possibility that it will be seen from the exterior or altered during transmission, so a tunnel is not used and the packet is transmitted as it is to the target node according to the transfer rules of the ad hoc network currently recorded in the routing table.
[0061] 

When the destination is outside the ad hoc network, the node communicates using the tunnel stretched between the node 2 and the external network 22. When a tunnel for the application is set up, the packet is transmitted using that tunnel. When two or more tunnels are assigned to the application, packets are distributed in packet units to the assigned tunnels by a procedure such as round-robin, and transmitted.
[0062] 

The node 2 judges to which application classification of the application DB the application corresponds, and chooses the tunnel corresponding to the application classification from the tunnel DB.
[0063] 

The node 2 searches for tunnels which fulfill both the delay and the packet loss rate that the application requires. When, among the tunnels hit by the search, a tunnel which satisfies the total bandwidth (required bandwidth x number of sessions) exists, it assigns one of them to the application and transmits. When one tunnel cannot satisfy it, two or more tunnels including the tunnel with the largest bandwidth are made into one set, the application is assigned to the set, and it transmits over the set. When the demand cannot be satisfied even with two or more tunnels, or when the search hits nothing, no tunnel peculiar to the application is set, and it transmits using a common tunnel.
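The search described in the paragraph above, together with per-packet round-robin over the chosen set, as an added example (not code from the patent). It treats the required band ("zone" in the machine translation) as bandwidth in kbps; the field names, the tie-break of taking the narrowest single tunnel that is still sufficient, and the sample figures are assumptions.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Tunnel:
    tunnel_id: str
    delay_ms: float
    loss_rate: float
    bandwidth_kbps: float
    common: bool = False      # True for a tunnel kept for general use


@dataclass(frozen=True)
class AppDemand:
    name: str
    max_delay_ms: float
    max_loss_rate: float
    bandwidth_kbps: float     # required bandwidth per session
    sessions: int


def select_tunnels(tunnels: Sequence[Tunnel], app: AppDemand) -> Tuple[str, List[str]]:
    """Return (mode, tunnel ids); mode is "single", "set" or "common"."""
    total = app.bandwidth_kbps * app.sessions
    # Tunnels that satisfy both the delay and the packet loss requirement,
    # widest first.
    hits = sorted(
        (t for t in tunnels
         if not t.common
         and t.delay_ms <= app.max_delay_ms
         and t.loss_rate <= app.max_loss_rate),
        key=lambda t: t.bandwidth_kbps, reverse=True)
    singles = [t for t in hits if t.bandwidth_kbps >= total]
    if singles:
        # One tunnel is enough; keep the wider ones free (assumed tie-break).
        return "single", [singles[-1].tunnel_id]
    chosen: List[Tunnel] = []
    acc = 0.0
    for t in hits:            # start from the widest tunnel and add more
        chosen.append(t)
        acc += t.bandwidth_kbps
        if acc >= total:
            return "set", [c.tunnel_id for c in chosen]
    # No hit, or even all hits together are too narrow: use a common tunnel.
    return "common", [t.tunnel_id for t in tunnels if t.common]


def distribute(packets: Sequence[str], tunnel_ids: Sequence[str]) -> List[Tuple[str, str]]:
    """Round-robin packets over the assigned tunnels, one packet at a time."""
    if not tunnel_ids:
        raise ValueError("no tunnel available")
    rr = cycle(tunnel_ids)
    return [(next(rr), p) for p in packets]


# Constructed sample tunnel DB.
SAMPLE_TUNNELS = [
    Tunnel("t11", 20.0, 0.001, 512.0),
    Tunnel("t12", 30.0, 0.002, 256.0),
    Tunnel("t24", 150.0, 0.010, 2000.0),
    Tunnel("tc", 80.0, 0.020, 1000.0, common=True),
]

if __name__ == "__main__":
    for demand in (AppDemand("VoIP", 50.0, 0.005, 64.0, 2),
                   AppDemand("video", 50.0, 0.005, 300.0, 2),
                   AppDemand("bulk", 50.0, 0.005, 500.0, 2)):
        print(demand.name, select_tunnels(SAMPLE_TUNNELS, demand))
```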
[0064] 

When two communication paths are set from the node 2 to the external network 22 as shown in the figure, if, for example, the ID of the access node 6 is ID-A of the tunnel DB of drawing 4 and that of the access node 7 is ID-B, then, when the application A shown in drawing 12 is VoIP of the application DB of drawing 3, the packet judging module judges, in consideration of time delay, packet loss, etc., that the route which passes through the access node 6 is the optimal communication circuit (when it is set as the tunnel for VoIP), and data transfer is performed.
[0065] 

Similarly, when the application B is streaming of the application DB of drawing 3, the packet judging module 38 judges, in consideration of time delay, packet loss, etc., that the optimal communication path is the route which passes through the access node 7 (when it is set as the tunnel for streaming). Transmission of packet data is performed, and the optimal communication path can be chosen according to the classification of the application and the communication quality of the communication path.
[0066] 

When the tunnel for special is not set up as stated previously, transmission uses a common tunnel, and the tunnel which best fulfills the communication quality demanded by each of the above-mentioned applications A and B is chosen and used for transmission.
[0067] 

If the user is enabled to register frequently used application classifications in the application DB of the node 2 in drawing 12, a tunnel which secures the quality of that application classification comes to be set up, so the tunnel suitable for the target application classification can be assigned, and more efficient communication can be performed.
[0068] 

According to this example, by acquiring information such as the bandwidth, time delay, and packet loss rate of each route (tunnel) set up in order to perform communication from the ad hoc mesh network to an external network, the suitable route can be chosen for each communication, such as streaming, download, voice data, video data, and text data. Effective use of bandwidth is attained by dividing the role of tunnels between communication closed within the network and communication from a terminal unit to the outside of the ad hoc network.



[0069] 

Although the mesh network is constituted by wireless connection in the example of the above-mentioned embodiment, it is not restricted to radio. It suffices that there are two or more communication paths on the mesh network when a terminal unit directly connected to the mesh network connects to a network outside this mesh network. Although a network formed with cable generally has more stable communication-path quality than radio, by performing life-and-death surveillance and performance monitoring of a communication path (tunnel) through the application of this invention, communication quality can be stabilized in a better state even when a best-effort type service, in which the transfer rate of a route changes with increases in traffic, is used.
[0070] 

It is needless to say that this invention is not restricted to the example of the embodiment mentioned above, and that various other compositions can be taken without deviating from the gist of this invention.
[Brief Description of the Drawings] 
[0071] 

[Drawing 1] It is a communication network lineblock diagram of the example of one embodiment of this invention.

[Drawing 2] It is a module block diagram of the node of the example of one embodiment of this invention.

[Drawing 3] It is an explanatory view showing the signal transduction of the access node and a general node of the example of one embodiment of this invention.

[Drawing 4] It is an explanatory view of the default route information distribution of the example of one embodiment of this invention.

[Drawing 5] It is an explanatory view of ad hoc network inner tunnel setting out of the example of one embodiment of this invention.

[Drawing 6] It is an explanatory view of ad hoc network outer tunnel setting out of the example of one embodiment of this invention.

[Drawing 7] It is a tunnel setting-out flow chart of the example of one embodiment of this invention.

[Drawing 8] It is a tunnel addition flow chart of the example of one embodiment of this invention.

[Drawing 9] It is an explanatory view of the data communications of the example of one embodiment of this invention.

[Drawing 10] It is an explanatory view of communication-path selection of the example of one embodiment of this invention.

[Drawing 11] It is an explanatory view of the application database of the example of one embodiment of this invention.

[Drawing 12] It is an explanatory view of the tunnel information database of the example of one embodiment of this invention.

[Description of Notations] 

[0072] 

1, 9: A terminal unit
2: A node (communication-path selecting arrangement)
3, 4, 5, 6, 7: Nodes
8: A server
10: A mesh network
11, 12, 24, 25: Tunnel
20, 21, 22, 23: An external network
31: A tunnel setting-out module
32: A node authentication module
33: A quality identification module
34: An application database
35: A tunnel information database
38: Packet judging module


